General

  • Target

    70007.xlsx

  • Size

    229KB

  • Sample

    211125-vf983sfhbr

  • MD5

    84bf57db75cfc2f21d80fd6729eefd40

  • SHA1

    a4bbc881d59ed09caa74b28fbaa116f15c99ec86

  • SHA256

    065e5db9ab9088660cc93e11eea341b3140526c05d23e41b16989b176819dddd

  • SHA512

    057853ae4d5045d9c0f36be8eb1eb1dd10e6f62967af69079b1fa7c30f08b2a52266decb9f418a67cdb0caad3dbde537adef873ff39ceeb37209da79edd45dce

Score
10/10

Malware Config

Targets

    • Target

      70007.xlsx

    • Size

      229KB

    • MD5

      84bf57db75cfc2f21d80fd6729eefd40

    • SHA1

      a4bbc881d59ed09caa74b28fbaa116f15c99ec86

    • SHA256

      065e5db9ab9088660cc93e11eea341b3140526c05d23e41b16989b176819dddd

    • SHA512

      057853ae4d5045d9c0f36be8eb1eb1dd10e6f62967af69079b1fa7c30f08b2a52266decb9f418a67cdb0caad3dbde537adef873ff39ceeb37209da79edd45dce

    Score
    10/10
    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution
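
As an added example (not part of the sandbox report, which lists only the hashes and the signature names), the following Python script checks a local file against the hash IOCs above and applies the MZ/PE header test that the "Downloads MZ/PE file" signature implies: it requires both the `MZ` DOS stub and a `PE\0\0` signature at `e_lfanew`, so a blob that merely begins with `MZ` is not counted. The command-line file arguments and the constructed PE stub used for self-checking are assumptions for illustration, not artifacts from this analysis.

```python
"""Added example: match a local file against the report's hash IOCs and
apply an MZ/PE header check to downloaded content. Not part of the report."""
import hashlib
import struct
import sys

# Hash values copied from the report above for 70007.xlsx (229KB).
REPORT_HASHES = {
    "md5": "84bf57db75cfc2f21d80fd6729eefd40",
    "sha1": "a4bbc881d59ed09caa74b28fbaa116f15c99ec86",
    "sha256": "065e5db9ab9088660cc93e11eea341b3140526c05d23e41b16989b176819dddd",
    "sha512": (
        "057853ae4d5045d9c0f36be8eb1eb1dd10e6f62967af69079b1fa7c30f08b2a5"
        "2266decb9f418a67cdb0caad3dbde537adef873ff39ceeb37209da79edd45dce"
    ),
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Digest a file in 1 MiB chunks so large drops do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(hashes: dict) -> list:
    """Return the names of the algorithms whose digest equals the report's.
    Reported per algorithm on purpose: an MD5 or SHA1 hit without a SHA256
    hit is worth a second look rather than a silent True."""
    return [name for name, digest in hashes.items()
            if digest.lower() == REPORT_HASHES[name]]


def is_mz_pe(data: bytes) -> bool:
    """True when data has a DOS header whose e_lfanew (offset 0x3C) points at
    a 'PE\\0\\0' signature. Checking only for a leading 'MZ' gives false
    positives on truncated or decoy blobs, so both markers are required."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def make_minimal_pe_stub() -> bytes:
    """Constructed test input (assumption, not a real sample): a 0x40-byte DOS
    header with e_lfanew = 0x40, followed directly by the PE signature."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0"


def check_file(path: str) -> dict:
    """Hash one file, compare it with the report, and note whether it is a PE."""
    digests = hash_file(path)
    with open(path, "rb") as fh:
        head = fh.read(0x1000)
    return {
        "path": path,
        "matches": matches_report(digests),
        "is_mz_pe": is_mz_pe(head),
        "sha256": digests["sha256"],
    }


if __name__ == "__main__":
    # Usage (assumed): python check_iocs.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        result = check_file(arg)
        verdict = "MATCH " + ",".join(result["matches"]) if result["matches"] else "no match"
        print(f"{result['path']}: {verdict}; sha256={result['sha256']}; "
              f"pe={'yes' if result['is_mz_pe'] else 'no'}")
```

`is_mz_pe` is deliberately stricter than a magic-byte grep: it reads only the first page of the file, which is enough to locate `e_lfanew` for any well-formed PE and avoids loading a large download just to classify it.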

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scripting (T1064): 1
  • Exploitation for Client Execution (T1203): 1

Defense Evasion

  • Scripting (T1064): 1
  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks